Platform: Code4rena
Start Date: 14/04/2022
Pot Size: $75,000 USDC
Total HM: 8
Participants: 72
Period: 7 days
Judge: Jack the Pug
Total Solo HM: 2
Id: 110
League: ETH
Rank: 20/72
Findings: 3
Award: $706.78
🌟 Selected for report: 0
🚀 Solo Findings: 0
🌟 Selected for report: cccz
Also found by: 0xBug, 0xDjango, CertoraInc, TrungOre, VAD37, berndartmueller, georgypetrov, horsefacts, m9800, pedroais, rayn, reassor, scaraven, wuwe1
431.1404 USDC - $431.14
https://github.com/code-423n4/2022-04-badger-citadel/blob/18f8c392b6fc303fe95602eba6303725023e53da/src/StakedCitadel.sol#L830 https://github.com/code-423n4/2022-04-badger-citadel/blob/18f8c392b6fc303fe95602eba6303725023e53da/src/StakedCitadel.sol#L13 https://github.com/code-423n4/2022-04-badger-citadel/blob/18f8c392b6fc303fe95602eba6303725023e53da/src/StakedCitadelVester.sol#L132 https://github.com/code-423n4/2022-04-badger-citadel/blob/18f8c392b6fc303fe95602eba6303725023e53da/src/interfaces/citadel/IVesting.sol#L5
Users will not be able to withdraw their funds .
When a user wants to withdraw his tokens from StakedCitadel.sol, vesting is supposed to be set and tokens are sent to the vesting contract where they are vested linearly for 21 days.
This is done by calling the setupvesting() function of the imported interface IVesting.sol. The Vesting contract is StakedCitadelVester.sol and that contract doesn’t have a function called setupvesting(). The name of the function to setup a vest is vest(). So the interface doesn’t match with the contract and Users will not be able to withdraw their funds.
change the name of one of the functions to match with the other.
#0 - shuklaayush
2022-05-11T20:38:39Z
Same as #89
#1 - jack-the-pug
2022-05-29T06:45:30Z
Dup #9
184.248 USDC - $184.25
https://github.com/code-423n4/2022-04-badger-citadel/blob/18f8c392b6fc303fe95602eba6303725023e53da/src/Funding.sol#L163 https://github.com/code-423n4/2022-04-badger-citadel/blob/18f8c392b6fc303fe95602eba6303725023e53da/src/Funding.sol#L177 https://github.com/code-423n4/2022-04-badger-citadel/blob/18f8c392b6fc303fe95602eba6303725023e53da/src/Funding.sol#L215 https://github.com/code-423n4/2022-04-badger-citadel/blob/18f8c392b6fc303fe95602eba6303725023e53da/src/Funding.sol#L178
If a user doesn't set a minimum (set to 0) of citadel expected in function deposit(), can receive 0 tokens in exchange, no matter the amount of asset he's depositing.
The funding contract is used to trade citadel token with another asset. A user wanting to trade uses the deposit() function to get tokens.Deposit() uses a second function to calculate the amount Out of tokens, getAmountOut().
If funding.discount is equal to 0, the getAmountOut() function will return 0 because it will not enter in the if branch and citadelAmount_ is not declared before and its value will be 0, so 0/anything =0.
So the User could receive 0 tokens in exchange of any amount of asset in.
If the user sets a non zero minimum amount in deposit(), the function will revert and users are not going to be able to buy tokens. https://github.com/code-423n4/2022-04-badger-citadel/blob/18f8c392b6fc303fe95602eba6303725023e53da/src/Funding.sol#L178
If funding.discount is equal to 0 return citadelAmount_ = citadelAmountWithoutDiscount/ assetDecimalsNormalizationValue https://github.com/code-423n4/2022-04-badger-citadel/blob/18f8c392b6fc303fe95602eba6303725023e53da/src/Funding.sol#L215
#0 - shuklaayush
2022-05-11T20:40:57Z
#18
#1 - jack-the-pug
2022-05-29T06:57:21Z
Dup #149
🌟 Selected for report: IllIllI
Also found by: 0v3rf10w, 0x1f8b, 0xDjango, 0xkatana, AmitN, CertoraInc, Dravee, Funen, Hawkeye, Jujic, MaratCerby, Picodes, Ruhum, SolidityScan, TerrierLover, TomFrenchBlockchain, TrungOre, VAD37, Yiko, berndartmueller, cmichel, csanuragjain, danb, defsec, delfin454000, dipp, ellahi, fatherOfBlocks, georgypetrov, gs8nrv, gzeon, horsefacts, hubble, hyh, ilan, jah, joestakey, kebabsec, kenta, kyliek, m9800, minhquanym, oyc_109, p_crypt0, peritoflores, rayn, reassor, remora, rfa, robee, scaraven, securerodd, shenwilly, sorrynotsorry, tchkvsky, teryanarmen, z3s
91.3943 USDC - $91.39
Low findings :
[N01] The if branch of claim() function can ve avoided by adding a require(amount!=0, "0 amount") and it would be a better practice to revert and let the user know the error instead of doing nothing and mark the operation as succeeded
non critical:
[N01] the if branch can be avoided to simplify the code, and if in general feeBps !=0, it will save gas. https://github.com/code-423n4/2022-04-badger-citadel/blob/18f8c392b6fc303fe95602eba6303725023e53da/src/StakedCitadel.sol#L849